With the rapid rise in mobile technology, it is only natural to assume that the number of security incidents involving mobile devices is also growing. In fact, a recent study shows that in just the past year there has been a significant and concerning increase in mobile phone attacks due to many companies not taking the necessary steps to protect their devices. In a new Verizon report that surveyed 671 professionals in charge of mobile device procurement and management, one in three organizations admitted to suffering a compromise due to unsecured mobile devices. This represents a five percent increase compared to the results of a similar survey conducted last year by Verizon.
However, the truly surprising reveal from the study is that the majority of the organizations surveyed said that they are not unaware of mobile threats, they just decided that mobile security is not a priority compared to other tasks. Almost half of the respondents admitted that their organization sacrificed mobile security to get their jobs done faster and nearly half of the respondents admitted that their organization sacrificed mobile security to get their jobs done faster and nearly half of those that cut corners experienced a mobile-related security compromise.
“Mobile devices are prone to many of the same attacks as other devices,” Verizon said in its Mobile Security Index 2019 report. “Most phishing attacks and badly coded sites can affect them; mobile users might even be more vulnerable. And there are also mobile-specific exploits—like malicious apps and rogue wireless hotspots.”
“And yet again this year, we found that many companies are failing to protect their mobile devices,” the company said. “And we’re not talking about some almost-impossible-to-achieve gold standard. We’re talking about companies failing to meet even a basic level of preparedness.”
This is not due to a lack of awareness, as over 80 percent of respondents said their companies were at risk from mobile threats and 69 said those risks have increased over the past year. Meanwhile, less than 25 percent of those that didn’t sacrifice security for speed and profit had a mobile-related compromise. Additionally, around 60 percent of incidents were described as major and 40 percent as major with lasting repercussions. Over half resulted in the loss of data and 58 percent also led to the compromise of other devices.
Verizon found that there is a perception gap because over 80 percent of organizations believe their precautions are either effective of very effective but less than 12 percent had actually implemented all four basic protections: encrypting data on public networks, changing default passwords, regularly testing security systems and restricting access to data on a “need to know” basis.
Eight in ten companies were also confident that they would be able to spot a problem quickly, but the study revealed that in 63 percent of cases, compromises were reported by a third party such as a customer, partner or law enforcement. That’s not surprising given that only two in three organizations had deployed at least one solution that would help with detection of security incidents: mobile endpoint security, data loss prevention or security information and event management (SIEM).
A robust IT resilience strategy requires three components: continuous availability, workload mobility and multi-cloud agility. The Verizon report includes a table with recommendations for improving the security of mobile devices in the enterprise. It is broken down by types of actions like assessing, protecting, detecting and responding and the level of sophistication: baseline, better and best. You can download a copy of the report using this link.